CVE-2026-7548

Totolink NR1800X firmware 9.1.0u.6279_B20210910 is affected. Vulnerable component: /cgi-bin/cstecgi.cgi, function sub_41A68C; manipulating the argument setUssd enables remote command injection. Exploit public. CVSS metrics indicate high impact and network-based access with low complexity. Impact ...

CVE-2026-7548

A vulnerability was detected in Totolink NR1800X 9.1.0u.6279B20210910. This affects the function sub41A68C of the file /cgi-bin/cstecgi.cgi. Performing a manipulation of the argument setUssd results in command injection. The attack is possible to be carried out remotely. The exploit is now public...

CVE-2026-7538

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The explo...

CVE-2026-7538

A vulnerability was identified in Totolink A8000RU 7.1cu.643b20200521. This issue affects the function Vulnerability of the file /cgi-bin/cstecgi.cgi of the component CGI Handler. The manipulation of the argument proto leads to os command injection. The attack may be initiated remotely. The explo...

CVE-2026-7538

Totolink A8000RU 7.1cu.643_b20200521 is affected by a CGI vulnerability in /cgi-bin/cstecgi.cgi where the proto parameter can be manipulated to trigger OS command injection. The issue allows remote exploitation and the exploit is publicly available. Affected component: CGI Handler (function Vulne...

PT-2026-36545

Name of the Vulnerable Software and Affected Versions Sunwood-ai-labs command-executor-mcp-server versions prior to 0.1.1 Description An OS command injection flaw exists in the MCP Interface component within the execute command function of the src/index.ts file. This allows for remote code...

VulnCheck KEV: CVE-2025-60021

Remote command injection vulnerability in heap profiler builtin service in Apache bRPC all versions 1.15.0 on all platforms allows attacker to inject remote command. Root Cause: The bRPC heap profiler built-in service /pprof/heap does not validate the user-provided extraoptions parameter and...

CVE-2026-7469

A vulnerability was detected in Tenda 4G300 US4G300V1.0MtV1.01.42CNTDC01. This impacts the function sub425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used...

EUVD-2026-26306

A vulnerability was detected in Tenda 4G300 US4G300V1.0MtV1.01.42CNTDC01. This impacts the function sub425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used...

GHSA-86HP-QXQP-W9WV mcp-server-semgrep has a Command Injection issue

A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyzeresults/filterresults/exportresults/compareresults/scandirectory/createrule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command...

CVE-2026-7446

A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyzeresults/filterresults/exportresults/compareresults/scandirectory/createrule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command...

CVE-2026-7446

A vulnerability was detected in VetCoders mcp-server-semgrep 1.0.0. This affects the function analyzeresults/filterresults/exportresults/compareresults/scandirectory/createrule of the file src/index.ts of the component MCP Interface. The manipulation of the argument ID results in os command...

PT-2026-36034

A vulnerability was detected in Tenda 4G300 US 4G300V1.0Mt V1.01.42 CN TDC01. This impacts the function sub 425A28 of the file /goform/DelFil. The manipulation of the argument delflag results in command injection. The attack may be launched remotely. The exploit is now public and may be used...

PT-2026-36030

Name of the Vulnerable Software and Affected Versions VetCoders mcp-server-semgrep version 1.0.0 Description Remote OS command injection is possible within the MCP Interface component in the file src/index.ts. The issue occurs when the ID argument is manipulated, affecting the functions analyze...

CVE-2026-7443

A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzzdomain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched...

CVE-2026-7443 BurtTheCoder mcp-dnstwist MCP index.ts fuzz_domain os command injection

A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzzdomain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched...

EUVD-2026-26300

A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzzdomain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched...

CVE-2026-7443

A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzzdomain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched...

CVE-2026-7443 BurtTheCoder mcp-dnstwist MCP index.ts fuzz_domain os command injection

A weakness has been identified in BurtTheCoder mcp-dnstwist up to 1.0.4. Affected by this vulnerability is the function fuzzdomain of the file src/index.ts of the component MCP Interface. Executing a manipulation of the argument Request can lead to os command injection. The attack may be launched...

CVE-2026-7416

A vulnerability was found in PolarVista xcode-mcp-server 1.0.0. This issue affects the function buildproject/runtests of the file src/index.ts of the component MCP Interface. The manipulation of the argument Request results in os command injection. The attack may be launched remotely. The exploit...